CORGIDS: A Correlation-based Generic Intrusion Detection System

Ekta Aggarwal, Mehdi Karimibiuki, K. Pattabiraman, A. Ivanov
Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy. Published 2018-01-15.
DOI: 10.1145/3264888.3264893 (https://doi.org/10.1145/3264888.3264893)
Citations: 17

Abstract

Cyber-physical systems (CPS) consist of software and physical components which are knitted together and interact with each other continuously. CPS have been targets of security attacks due to their safety-critical nature and relative lack of protection. Specification-based intrusion detection systems (IDS) using data, temporal, data temporal and time, and logical correlations have been proposed in the past. But none of the approaches except the ones using logical correlations take into account the main ingredient in the operation of CPS, namely the use of physical properties. On the other hand, IDS that use physical properties either require the developer to define invariants manually, or have designed their IDS for a specific CPS. This paper proposes CORGIDS, a generic IDS capable of detecting security attacks by inferring the logical correlations of the physical properties of a CPS, and checking if they adhere to the predefined framework. We build a CORGIDS-based prototype and demonstrate its use for detecting attacks in the two CPS. We find that CORGIDS achieves a precision of 95.70%, and a recall of 87.90%, with modest memory and performance overheads.